Firewall distribution recommendation please

[zPhoenix]

I have been using Securepoint (linux-based, hardened firewall, commercial but free for personal use), it is very nice but administration is becoming a pain since administration must be done in windows and does not recognize domain names when defining rules.

Can you recommend one that matches at least the must-haves below?

MUST-HAVE:

- Must be a distribution designed to be a hardened firewall on a dedicated PC(not a firewall implemented using a "generic distribution").

- Must support multiple zones (one network card per zone), preferably 4 or 5.

- Must allow defining firewall rules as follows:

--- Able to (or even default to) stopping all traffic except management.

--- Able to define rules either inbound or outbound (in other words I might want to block HTTP outbound).

--- Able to define both the source and destination for a rule as an IP (i.e.:192.168.1.5), a subnet (i.e.: 192.168.1.0/24), or a domain (i.e.: microsoft.com - for those pesky update sites that keep changing their IP addresses).

- Have a relatively easy to use management interface, prefereably one that can be used in Linux and Windows.

- It must be solid and stable enough to run for months without reboot... easy one with linux.

- Must be free

- Auto-update feature, in case they issue security patches on any of the linux components that the firewall depends on. I can probably live without this if no firewall has it.


NICE-TO-HAVE:


- It would be extremely nice if it was possible to distinguish or separately log packets that were blocked by "explicit rules" versus rules that basically say "block anything that I did not explicitly authorize". Even better if the "anything else" logs were routinely emailed to the administrator for analysis.

Thank you for reading this far.

[TheGreen]

Hmmm. Well thats quite a list for a free firewall. You may have a hard time gettig all of them, but almost all of them are available in IPCop. http://www.ipcop.org/ I use it and find it one of the better ones I have tried. my biggest complaint is the use a color scheme to denote the interfaces which I suppose is to help everyday users but makes me crazy. i.e. Red = External Interface, Green=Internal, Orange= DMZ, Blue=WLAN (or jsut use as another DMZ) that and the fact that out of the box you only can use use these four interfaces (NIcs) . There are addons available as well. One cd, you install on a PC / server with no OS on it, run an X config program and once done can manage from a browser etc.

[AlexK]

you can try smoothwall, it has all those things, but can't handle 4, 5 zones (it has red and green out of box), but they're working on it. I don't know about the auto-email thing, but if you add the Guardian addon, then it will become a proactive firewall.

Another one is the Mandrake Multinetwork firewall, you can download it here. has most, if not all the features you are asking for (it has been a long time since i checked what the latest version has).

both of these firewalls can be managed by any computer on the local network, be they linux, windows, mac etc.

[brians]

You want OpenBSD.

I found it easier to learn than linux. Man pages are complete and up to date, including basic configuration examples.

http://www.openbsd.org/


Enjoy,

BrianS